Posted
by
timothy
on Thursday March 27, 2014 @12:18PM
from the putin-actually-invented-it dept.

wiredmikey writes: "Russian government officials have swapped their iPads for Samsung tablets to ensure tighter security, the telecoms minister told news agencies on Wednesday. Journalists spotted that ministers at a cabinet meeting were no longer using Apple tablets, and minister Nikolai Nikiforov confirmed the changeover "took place not so long ago." He said the ministers' new Samsungs were "specially protected devices that can be used to work with confidential information." This isn't the first time Russian powers have had concerns over mobile. In August 2012, Russia unveiled a prototype tablet with its own "almost Android" mobile OS that has the remarkably familiar feel of an Android but with bolstered encryption. In an even more paranoid move, this past July a Russian state service in charge of safeguarding Kremlin communications was looking to purchase an array of old-fashioned typewriters to prevent leaks from computer hardware."

But..why should we trust them? we already know if its made by an American company the US government will force them to make a hole....or... collect the data for the Government? Just saying... And lets say an Mexico software company made the software what guarantees the Mexican government didn't force the company to collect data, for the Mexican Government??

This all pointing to the concept that all essential tech infrastructure should be locally produced in secured and audited facilities. Any time you import any essential tech infrastructure you leave that infrastructure at the mercy of the source location and it's vested interests. Including and not limited too espionage, industrial espionage, financial espionage and insider trading, targets for criminal extortion, political extortion, attacks upon democratic structures, gross wholesale privacy invasion for

More likely, this is a purely populist gesture. People in Russia have been making fun of Medvedev's use of iPhone and iPad for a long time now, especially as it was seen as him trying to fit the positive stereotypes of the more liberal, "hipster" demographics. Now that same connection between liberals and Apple products is being played in reverse - "I'm a patriot! I don't use iPad!".

None of Google's non-OS apps, including the Play Store, are open source. The words "open source" are not a complete explanation of this situation.

How about the fact that the devices are "specially protected devices that can be used to work with confidential information," as stated in the summary?

The "paranoia" about the iPad probably comes from (a) it's American which means that the NSA has it's hooks in it and (b) the device is closed off so that you can't see anything that anything is doing. That's fine for my Mom...

No they don't. They can remove Samsung's version of Android and put their own version of Android on it. Just because the tablet says Samsung doesn't mean that it must be running Samsung's version of Android.

So.. Why would you trust Samsung over Apple? Samsung is a Koren Chaebol, the largest of 5 companies that contol 90% of the SK economy. They pretty much own the SK Govt. Samsung also has a history of gaping security holes.. Baked right in to their custom ARM cpus. (Ask the cyanogen devs what they think of Samsung's SoCs.. But put in earplugs first.)

This has nothing to do with security and everything to do with Putin's extremely aggressive propaganda. This non-story and the only reason you see it is because i

But they can do this... Whereas with the iPad they have to take Apple's word for it. This may be the limitation that drove them to Android and Samsung

I'm not sure I'd trust any tablet handed to me by Putin's government, regardless of the OS that came on it. They may be secured against the US, but I'd bet there is a healthy amount of domestic spying going on in Russia.

The iPad: The OS Designed in America, Built in China shipped worldwide.Samsung Tablet: The OS Designed in America, Built in China and shipped world wide.

The only difference is which CEO gets the Cut The one in America or the one in Korea.

NSA to Apple: Add spying to your OS or you will not be allowed to sell it world wide.NSA to Google: Add spying to your OS or you will not be allowed to sell it world wide.NSA to Samsung: Insure the spying features in your OS are not disabled unless you will not be allowed to sell in the US.

Russia is upset about the NSA and the US + EU's reaction to them taking over the Crimea.China is upset about the NSA and is backing Russia over Crimea.Android is open source.Both countries have the resources to go through Android with a fine toothed comb. This looks pretty much like the best short-term option they had - lets see if someone now buys up Symbian, it comes from a Finnish company and could be a good starting point.

Android is open source.Both countries have the resources to go through Android with a fine toothed comb.

And AOSP != Android. In fact, who knows what code that Samsung tablet is running. There can be plenty of proprietary code on Android that's binary only, and no amount of analysis of AOSP will find them because that's not the code running on the tablet.

Code for the GPU is often closed-source. As is camera code, DSP code (for audio), etc.

And hell, If it's Samsung, it probably ships with Google apps as well, powered by root-owned Google Services Framework.

They'd actually be better off dumping iPads for those chintzy $100 tablets - those tend to be practically pure Google and very little of it is proprietary.

Russia has plenty of resources to create their own Android distribution for whatever piece of hardware they want. They have the resources to reverse-engineer any blobs, aside from the fact that there is a less than zero chance that they already have all the data on those devices through their own version of the NSA. Your reaction implies that they'd run whatever Samsung decided to install on those tablets. That is of course a silly assumption, for many reasons.

Russia is upset about US + EU's reaction to them taking over the Crimea, and this is mainly just another form of counter-sanction propaganda.China is backing Russia over Crimea. (Because they have a similar idea for some Japanese owned islands as well as other territory.)

I don't know about Cook & Ives shuck and jive, since the passing of Jobs... But I'm pretty sure the iOS crypto flaws are lower risk than ANYTHING those gangsters make at Samsung. I won't let them land an icebox in my house!

Ah, but you see, Russia is also run by gangsters - and among each other gangsters have their own code of honor, which in fact may be far more effective at keeping each other honest in their dealings than the legal processes among so-called "honest businesses" - which are generally no less corrupt, but protect the guilty individuals from any personal liability.

That's why you don't trust Apple or Samsung's proprietary blobs.With Android, you can install Replicant http://www.replicant.us/ [replicant.us] for a complete open source system which you can audit and verify (or re-code) yourself.Russia has the tech chops to do this.

If certain Western intelligence agencies want to attack certain devices belonging to certain people, they'll find a way in, regardless of which mass market POS they're using. They're wasting their time. This is just a pointless gesture.

Well, how often have we provably seen our gadgets stealing data for foreign governments? We worry about operating systems, we worry about network controller firmware, and all those are potential risk factors, but has anything been found?

The very big risk right now are the various networks the data is sent over. There seems to be government wiretaps everywhere, with NSA being the biggest offender, but other countries too. If you have an iPad and are using Apple's cloud services, then that's a potential risk

i think GP is incredulously posing the question, why on earth would we think the russians are being paranoid? from their perspective, they have massive evidence that americans are spying on everybody and have owned all the interneet and equipmetn. not to mention that snowden is living in putin's house.

The networks are a risk but they are a risk that can be mitigated to at least some extent by strong well-managed encryption (and yes this does mean avoiding the easy to use centralised systems where the system operator manages the encryption and going for something more decentralised and that requires more work and understanding but lets you manage the encryption yourself).

But if the end devices are compromised then the keys can be stolen or the data can simply be copied before it is encyrpted.

They already did something much more sophisticated than that in the 1970's. Operation GUNMAN [matthewaid.com]:

The monograph reveals that beginning in 1976, the KGB successfully installed sophisticated miniaturized electronic eavesdropping equipment and burst transmitters inside 16 IBM Selectric typewriters used by the staffs of the Moscow embassy and Leningrad consulate, which copied everything being typed on the machines, then periodically broadcast their take to KGB engineers manning listening posts just outside.

The KGB bugs were discovered eight years later in 1984 by a NSA operation codenamed Project GUNMAN

Perhaps on a certain, small, specific, set of hardware targets; but the "Extract Proprietary Blobs" step is part of the Cyanogenmod build process for a reason...

I think that it's mostly AOSP at higher levels; but when 'the details' are kernel-level drivers that can do whatever the hell they want without you noticing, or firmware that has its own CPU and memory space in which to hide and do god-knows-what, you can be pretty sure that if there are devils in the details, you are fucked. Gratuitously.

If they were really concerned about spying, shouldn't they go with a Nexus that runs Replicant

I mean, for the average person I'm not saying they need to be so paranoid; there's likely backdoors or potential exploits, but it's also unlikely to ever matter, and some of the functionality that's sacrificed is likely not worth it for the average bloke. But for guarding state secrets? You want something that involves zero binary blobs, and Replicant is the closest you get for Android.

CM is full of binary blobs which are as closed and proprietary as they can get. If you want Android without the nasty bits you'd better look at Replicant [replicant.us] - that is if it works on your device, of course...

Samsung is a South Korean company which means that Samsung is not required to follow the so-called Patriot Act. Google, Apple and Microsoft, however, is, making any product from these manufacturers a serious security risk.

Do we really need more insight on the country that uses a Jersey Shore "No, Fuck you!" as its national agenda...We made them, just like we made Germany(et al.) after WWI, just like Afghanistan will be in a decade or so. You can't isolate and belittle ignorance with more ignorance, freedom comes with responsibility which we ignored...these are the consequences. Snowden is a small part of a lot of nonsense we let happen, how can we blame him for pointing out the mess we made?

If Russia are not doing anything nefarious, why should they worry about what spies might discover?:)

In all seriousness, while it’s nice that NSA spying on US citizens has been exposed, it’s NOT good that so many US state secrets were revealed in the process. Contrary to what some lunatics would like to tell you, there ARE external threats that face America and the American people. You can’t run proper defensive operations if all of your strategies are visible to the enemy. I’m no

And I’m not sure that the benefits necessarily outweigh the costs in this case.

Unless there's some sort of imminent existential threat that US is exposed to thanks to Snowden revelations, of course the benefits outweigh the cost. The only thing that can be more important than preserving the free character of the country and the nation is preserving its existence.

Crypto efforts from the UK and EU where attempted by different firms in the 1950-80's i.e. real crypto for small firms and non EU/EU governments.
Their efforts faced other brands with vast marketing efforts, lots of cash and loss leader like low prices that seemed to win gov contracts.
When embassies saw their crypto messages in the Western press years later they understood why. The hardware as sold was crypto junk. What they had found on the international market was a series of US/UK gov backed front com

i think the new mac pros say made in china. assembled in usa. designed in california. what components need to be "made in usa" for us to rule out chinese interference? the processor chips? the memory? the fab equipment? where are the true scotsmen?

You just cannot trust anything with bits&bytes made in the US. How can anyone think otherwise these days?

this is why the typewriter method mentioned in the summary is so brilliant. at the very least, it would drive the NSA nuts, to know that some data was recorded and stored in analog and paper. their data wouldn't be complete, and who knows what they could be missing? those russkies are a crafty bunch.

Re If they're worried about the NSA having code running on their tablets.... why did they swap their mach/freebsd running tablets for ones running and OS that's had heavy development from the NSA?
Russia always knew its telco and radio and related mil networks where been collected in bulk by the US and UK via surrounding countries.
Russia tried the onetime pad, no chatter (no extra messages) for a short time in the 1950's. Russia quickly found they could not run a modern mil communications system with th

I'm not disagreeing with that. I think it's been a positive for the linux kernel as well, making linux a much more secure platform. I just thought it was funny that the Russians swapped their hardware for something that ostensibly the NSA has had more access to.

In a free market anything that benefits from network effects will tend towards a monopoly or, at best, an oligopoly. And then you'll get all the abuses associated with such. Free markets are wonderful for commodities with low barriers to entry. Not so much for anything else.

Apple had a very well-designed, well-built and convenient product with iPod. They followed up with the well-designed and convenient software product, iTunes. iTunes is so profitable and flawlessly exemplifies vendor lock-in, that they followed up with the same model for the iPhone and iPad.

One ecosystem, which just happens to not work very well with other vendors' products, and essentially never with open-platform systems.

NATO will always have to buy what compatible and longterm US systems the US offers them.
As for the wider public marketing still works its magic. Price in the EU might become a factor with Asian brands been able to offer low cost hardware with known regional software with goof cpu and gpu options. The ability to spy on you was within digital networks and is cared for by regional staff. Even local political leaders are handed junk crypto by their own gov experts, their nations insights flowing to a few